BitTorrent unveils NSA-proof online calling and messaging software

August 1, 2014 by Jon Healey, Los Angeles Times

BitTorrent Inc., the San Francisco company behind the most popular technology for sharing files online, is branching out into a new arena: snoop-proof calling and texting.

The company announced the availability Wednesday of a preliminary, test version of BitTorrent Bleep software, which will enable people to make calls (voice only) and send messages over the Internet without using a central server to direct traffic. Instead, users will find one another through groups of other users, with no records of the calls or texts stored anywhere along the way.

Once a connection is made for a call or text, the communication travels directly between the two computers involved. That peer-to-peer approach also defies mass surveillance. Granted, it doesn't pay to underestimate the National Security Agency's ability to monitor even well-hidden communications. But Bleep certainly makes the job harder than the most popular online calling and messaging apps do.

Bleep will be available by invitation only for now, the company said, because it still has plenty of rough edges. It's also limited to computers running Windows 7 or 8, although support for more platforms is coming.

The product reflects BitTorrent's effort to find more applications for the distributed-computing technology that underlies its file-sharing software. It launched BitTorrent Sync last year to provide an alternative to cloud-based programs that synchronize files across multiple devices. Shortly before that it unveiled BitTorrent Bundles, a publishing platform for digital content. The company has been working on Bleep at least since September, when it announced its plan to develop a secure online chat service.

Online calling and messaging services typically seek to preserve privacy by scrambling the communications between the sender and the recipient. The problem is that they rely on central servers to handle the electronic signals that establish the connection. The metadata that passes through those servers can be monitored or intercepted, potentially exposing the calls and texts themselves to surveillance, as leaked NSA data has revealed about Skype and other Voice over Internet Protocol services.

Bleep encrypts its traffic too, as well as enabling users to keep their identities secret even from those with whom they're communicating. But the main reason it's more secure, the company says, is because it has no central servers. "We are not even storing data temporarily on servers and then deleting it," Farid Fadaie, head of the Bleep project, wrote in a blog post Wednesday. "We never have the metadata in the first place."

Nor does anyone else. Unlike BitTorrent's file-sharing technology, there are no central, surveillance-susceptible indices helping to connect one user to another. Instead, when User X tries to start a call or send a text to User Y, X's Bleep software asks other BitTorrent users if they know Y's IP address. Their query eventually reaches a computer that Y's Bleep software has made contact with, revealing Y's address. The information is sent back to X, enabling X and Y to connect directly.

"Consider Bleep your personal redaction pen controlled by you and only you," Jaehee Lee, senior product manager at BitTorrent, wrote in a blog post Wednesday. "Anything you say is Bleep-ed out to us and everyone else for that matter."

This seems technologically nifty, but who would go to the trouble of running Bleep when millions of people around the world can easily be reached through Skype, WhatsApp or any number of other VOIP and chat apps? Lee offered four possible use cases: diplomats sharing sensitive dispatches, businesses safeguarding communications from industrial espionage, reporters protecting sources, or friends keeping their conversations private.

I could suggest any number of less noble uses for the software too. But as with the BitTorrent protocol itself, Bleep shouldn't be judged by the things people do with it. Instead, it should be judged by its ability to deliver on its promise of security.

The technology isn't interoperable with other chat or VOIP clients, at least not at this point, so its utility will be limited unless and until it gains a critical mass of users. The tremendous popularity of the BitTorrent protocol gives Bleep a strong global foundation, but not much else. That could change, though, if Bleep were built into updated versions of the apps people use to share torrent files.

One other potential factor is whether Congress changes the 1994 Communications Assistance for Law Enforcement Act to require data communications services to support wiretaps, as the Justice Department and federal security agencies have sought. Today, the wiretap requirement applies only to phone networks (including mobile ones) and online services that are effective substitutes for them (such as Vonage). If CALEA were extended to all online voice and messaging services, BitTorrent might be faced with the choice of withdrawing Bleep somehow from the United States or re-engineering it to remove its distinguishing feature.


verkle

What if your legal activity today becomes illegal tomorrow? How about if I don't trust an individual in the NSA chain not to abuse their position? If I'm collaborating with someone about an idea we've yet to patent, should our discussions be broadcast to our competitors?

Let's just go with my life isn't your business, or the government's. Remember, there is no single entity "The Government". They are comprised of fallible, corruptible, sanctimonious humans.

Instead of trying to hide our communication online and elsewhere, why can't we just be more open? Only criminals have something to hide.

not necessarily...there should be a right to privacy within certain circumstances, as well as protection from abuse of privilege like SoylentGrin points out above

Would you want your ex-spouse/enemy to be able to bring up all your personal data whenever they please for revenge purposes? How about someone that just hates you because you are religious? Or maybe someone who thinks you should be dealt with severely because THEY are religious? How about watching you as a threat to whatever just because of your public posts on a pop-sci site?

There are things that need to be kept private, like: e-mails to your kids? wife? girlfriend? boyfriend? business partner? secret new business patented technology? classified documents? investigations that are on-going? HIPAA data? STD/medical/lab results? clinical trials? new meds?

Just because it is peer to peer does not mean it is not capable of being monitored... only that it is harder to monitor. Glad it is also scrambled. I know that you can tap a phone line without even violating the integrity of the line. Certain direct scrambled hard lines in the former USSR were tapped (without physically damaging the lines) while underwater by our gov't during the cold war.

I would also add private com between law enforcement during investigations (like above), ANY Dr. to Dr. consult/interface for HIPAA protection, any private info that should be protected from 3rd party discovery...

I hope this does not get undermined by CALEA. It looks like it would be far too useful...

I don't buy that p2p makes communications any more secure in the face of the NSA et al, because it'll still be easily characterized and there is every reason to believe that they have access to all major transport into and out of ISPs. Anybody who knows the terrible state that our nationwide backbone diversity has fallen to would certainly agree that it wouldn't really be that hard, or require "taps" in that many locations. At least not as long as you're only looking to snoop on internet traffic - it would be a nightmare to try to tap every literal p2p transport fiber that businesses have run for their WANs and whatnot, but anyway...

In my opinion, if anything this service is probably more likely to get your communications stored than more conventional services.

It's about time someone stood up to the NSA spying on law abiding citizens. Now we need a cell phone that can't be tapped or monitored by the NSA or any government agency.

And to all who say that ask what do you have to hide? I laugh at you. If you want to display your ENTIRE life story for anyone to see, go for it. I do not want any government agency listening to my phone calls, checking my emails, etc. Plus, a government that has full access to their citizens' life stories is called a communist country.

Dr_toad

And a Tannerite fence line, no doubt. Where do you buy your truth? Yeehah.

Nope. About ten miles of Lake Michigan with a gatekeeper ferryman's tariff. I thought Karl Popper's The Logic of Scientific Discovery a good guide to truth, that and the aphorism to Believe Nothing Read or Heard Without Verifying It Oneself Unless Weltanschauung Congruent.

How is this secure at all? If I maliciously modify my BitTorrent code to LIE and say yes, I know the IP address of Y, it's my IP address, then wouldn't X attempt to connect to me instead? I could even connect to the REAL Y and just be a middle man they don't know about.

How is this secure at all? If I maliciously modify my BitTorrent code to LIE and say yes, I know the IP address of Y, it's my IP address, then wouldn't X attempt to connect to me instead? I could even connect to the REAL Y and just be a middle man they don't know about.

This is not possible unless you have the private key of the person who is being queried.
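
The lookup described in the article, together with the objection and reply in the comments above, as an added example (not BitTorrent's code and not part of any comment): a requester that accepts an address only when the record verifies under the target's public key, which it is assumed to already hold. The record layout, peer names and addresses are invented for the illustration; the page does not describe Bleep's wire format.

```javascript
// Added illustration, not Bleep's code: record layout, peer names and addresses are assumptions.
const nodeCrypto = require('crypto');
// Y's identity key pair. X is assumed to already hold Y's public key from a trusted exchange.
const yKeys = nodeCrypto.generateKeyPairSync('ed25519');
const liarKeys = nodeCrypto.generateKeyPairSync('ed25519');

// A lookup answer ("id is reachable at addr"), signed with the private key of that identity.
function makeRecord(id, addr, seq, privateKey) {
  const body = JSON.stringify({ id, addr, seq });
  const sig = nodeCrypto.sign(null, Buffer.from(body), privateKey).toString('base64');
  return { body, sig };
}

// X's check: the answer must verify under the key X holds for the target and name that target.
function verifyRecord(record, targetId, publicKey) {
  const sig = Buffer.from(record.sig, 'base64');
  if (!nodeCrypto.verify(null, Buffer.from(record.body), publicKey, sig)) return null;
  const parsed = JSON.parse(record.body);
  return parsed.id === targetId ? parsed : null;
}

// Constructed sample data (documentation address ranges).
const genuine = makeRecord('Y', '198.51.100.7:6881', 2, yKeys.privateKey);
const selfSigned = makeRecord('Y', '203.0.113.66:6881', 9, liarKeys.privateKey); // lying peer, own key
const tampered = { body: selfSigned.body, sig: genuine.sig }; // Y's signature pasted on altered body
const peers = {
  p1: { knows: {}, next: ['p2', 'p3'] },
  p2: { knows: { Y: selfSigned }, next: [] },
  p3: { knows: { Y: tampered }, next: ['p4'] },
  p4: { knows: { Y: genuine }, next: [] },
};

// Ask peers breadth-first; keep only verified answers, preferring the highest sequence number.
function lookup(targetId, startPeer, publicKey) {
  const queue = [startPeer], seen = new Set(), rejected = [];
  let best = null;
  while (queue.length > 0) {
    const name = queue.shift();
    if (seen.has(name)) continue;
    seen.add(name);
    const answer = peers[name].knows[targetId];
    const rec = answer ? verifyRecord(answer, targetId, publicKey) : null;
    if (answer && !rec) rejected.push(name);
    else if (rec && (!best || rec.seq > best.seq)) best = rec;
    queue.push(...peers[name].next);
  }
  return { addr: best ? best.addr : null, rejected };
}
console.log(lookup('Y', 'p1', yKeys.publicKey));
```

The check only helps if X obtained Y's public key through a channel the lying peer does not control.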
